Rep. Morgan Griffith: If Latest Leaks On NSA Had Come Out Earlier, NSA-Defunding Amendment Would Have Passed

from the time-to-focus-on-the-future dept

Hindsight being 217-205 and all that, but one of the reps voting for Justin Amash's NSA-defunding amendment has noted that had last Thursday's revelation of widespread domestic spying broken a little earlier, the amendment would have sailed through easily.

"We only needed seven votes to switch and I think there were at least seven, probably more like 20-30, who had their concerns about the program but were prepared to give the intelligence agencies the benefit of the doubt," Rep. Morgan Griffith, Virginia Republican, told The Washington Times after the NSA rules violations came to light.

That would have been nice and would have sent another message that everyone's a bit tired of the NSA's "inadvertent but completely lawful and relevant' schtick. What would have been even better is if some of this information had been discovered by those charged with overseeing the NSA. It's rather troubling that our legislators are discovering more about the NSA from journalists than from the oversight committees.

Instead, the oversight committees have taken an almost-antagonistic approach to disseminating information. Mike Rogers and Dutch Ruppersberger have, on multiple occasions, withheld information from other members of Congress. And what's not being withheld is being actively lied about by intelligence officials.

Mr. Griffith says that the intelligence community, which defended the program and worked to preserve it against the legislation onslaught, misled Congress.

"We were being told there were 'some' errors, like a few," Mr. Griffith said, referring to sworn congressional testimony about the domestic programs from senior intelligence, FBI and Justice Department officials. "They gave everyone the impression these [errors] were very rare. If [my colleagues] had realized how many [violations of privacy protection or legal rules] there were, I think more than seven of them would have switched."

At this point, it would seem any further debriefings or inquiries would be pointless. Those questioned have lied in the past and have refused to stop lying even when faced with the possibility that new evidence will be revealed that exposes their lies. A more forward-thinking agency might start offering up other problematic tactics in hopes of controlling the narrative when the next leak hits. Instead, it seems content to send out rehashed rhetoric as "statements" in response to each new leak, hammering the meaning of its favorite buzzwords: relevant, collecting, legal, oversight.

On the plus side, the revelations may generate more support for Rush Holt's attempt to kill off the PATRIOT Act and wind back the overreach of the FISA Amendments Act. In addition, Justin Amash is looking to introduce another bill to pick up where his narrowly defeated amendment left off. Every little bit helps and last week's bombshell pretty much destroyed the NSA's claims of internal controls and "no evidence of abuse."

Re:

Repealing bad acts and passing new legislation to limit these sorts of thins is NOT enough. The people responsible for allowing this to happen and all who are involved in continuing the subterfuge need to be punished and punished more than a slap on the wrist.

i think the blame should be laid squarely at the feet of Pelosi for running round like a scalt cat, doing whatever she could to get voted in favour of keeping the funding going. yes, had the information come out earlier, it would have made a difference, but for someone (more than one) to have been actively defending the NSA (and then go against them after the fact) made the major difference. as for the bills in the #1 comment above? even if they are repealed, the spying will continue, just more underground than ever.

Perfection doesn't exist. So what is the alternative plan then?

>> Every little bit helps and last week's bombshell pretty much destroyed the NSA's claims of internal controls and "no evidence of abuse."

I am not shocked that a group of a great many people running many queries gets a few wrong. This info is useless. The mistakes are not used to abuse people best anyone can tell. A real abuse would likely get the person in lots of trouble since the queries are almost surely logged and analyzed for auditing purposes.

From a different article:

“We’re a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line,”

"but the more serious lapses include unauthorized access to intercepted communications, the distribution of protected content and the use of automated systems without built-in safeguards to prevent unlawful surveillance."

Note the "human" and the "automated systems" parts. It's tough to get this right all the time when each new query has a chance of being unacceptable. Automated systems cause errors. Humans cause errors. You can't win all of the time, but you can try to mitigate and prevent abuses as much as possible.

Also note that some of the unacceptable actions refer to "protected content" ie, copyright or similar violations.

In any case, there is an independent and outside group that will look at this to find ways to get closer to zero mistakes.

I have a question, let's look at copyright material. Let's say that you deal in "tons" of digital material and do your best to stay clean. Would you want to be "prosecuted" for making a few mistakes or for most of the time accidentally dealing with the wrong link? How about even the rare sneak peak at something that is technically off limits if you read all the laws and licenses but is accessible?

The DMCA, despite it's faults, is intended to recognize that people make mistakes and that if they try to fix them, they should be on the right side of the law.

Anyway, if people simply think that going after "terrorist groups" with as much data as possible should not be done, then make that argument. Otherwise, it seems the complaint is that computers and humans are not perfect. Well, in what part of law enforcement or anything else is there perfection? Yes, you may hate lots of law enforcement or what not. Again, these are different arguments than attacking the controls here. And the lack of transparency of the intelligence community is another argument one can attempt, yet again it is a different argument the idea that we should not have any or many secrets from the expectation of infallibility.

Do people want a yearly listing of how many errors were found for the past year?

Do people simply feel that if this was hidden from the public (as are many other things of any organization.. perhaps unfortunately) then a lot worse likely lies underneath?

PS: Please note I am not saying that the only mistakes have to do with typos (and where maybe the query is discarded as soon as the person realizes). There are more serious problems, but has there been any evidence of exploitation by government or of taking of information for private profit or what not (except Snowden, if you want to look at it that way)? A perfect government does not exist. Most people break speed limit laws every day and don't have to pay a single dollar because they are not caught. Do people want a society where every sneeze is fined? Why would the government not be allowed to make the occasional mistake as a person carries out his job duties and generally (in this case) works to find "bad guys" and prevent loss of life and property?

Re: Perfection doesn't exist. So what is the alternative plan then?

Re: Re: Perfection doesn't exist. So what is the alternative plan then?

You are talking about something different (data sharing across agencies).

I agree there should be limits.

My question was about potential email/phone gathering on US citizens and the implementation of those laws with regards to internal controls succeeding or not and in consideration of the imperfections all humans and computer programs have.

I'm not trying to judge the whole law but taking bite sizes. Have the people or policies failed in a significant way (when looking at the whole) if we want to avoid as much intrusion as possible but assuming we want some of the benefits of thwarting "terrorism" or of being more easily able to take down groups trying to execute on an attack?

Re: Re: Re: Perfection doesn't exist. So what is the alternative plan then?

Have the people or policies failed in a significant way (when looking at the whole) if we want to avoid as much intrusion as possible but assuming we want some of the benefits of thwarting "terrorism" or of being more easily able to take down groups trying to execute on an attack?

Yes, it has failed. The policy is very nearly as intrusive as it could possibly be. It's a long, long way from "avoiding as much intrusion as possible".

The funny thing is that we already have a mechanism that people are OK with for doing what needs to be done to track down "bad guys". It's called getting a warrant on an individualized basis.

Re: Perfection doesn't exist. So what is the alternative plan then?

I'm not blaming enforcement agencies for wanting to share this information, they are trying to do a job. But the history of technology and law enforcement has always been about where the line in the sand gets drawn between putting bad guys out of business and the right to privacy.

If the DEA can use SOD intelligence, why not the IRS? Why not your local police department (oops, they already do). Whose decision was it that this data could be used for narcotics enforcement? And on what basis did they limit the application of it?

Re: Re: Perfection doesn't exist. So what is the alternative plan then?

Re: Perfection doesn't exist. So what is the alternative plan then?

[in reply to myself:]

>> few

Thousands would not be called few, but, from context, I am talking about what supposedly represents a small percentage. The context includes the idea that humans and machines running many queries will occasionally make mistakes.

Of course, running a query and taking "significant" action based on the contents of an incorrect query are different things. The former is almost like asking, "if a tree falls in the forest and no one has yet heard it, did it fall?" The latter is more serious and I think what supposedly the NSA claims is under control.

Re: Re: Perfection doesn't exist. So what is the alternative plan then?

Thousands would not be called few, but, from context, I am talking about what supposedly represents a small percentage. The context includes the idea that humans and machines running many queries will occasionally make mistakes.

Your honor, out of the thousands upon thousands of people I meet on a daily basis, I only murdered that one. In context, it's not that much, and I didn't really mean to do it. Occasionally we all make mistakes like killing someone.

The ratio of mistakes is meaningless. The absolute number of violations of the law is what matters.

Re: Re: Re: Perfection doesn't exist. So what is the alternative plan then?

I was talking about justifying use of the word "few".

As for mistakes in general, it depends on the mistake. How many mistakes do you make daily, even just driving or writing? Do you want to give a number? What does that say about you? Might you not think you make "few" mistakes even if the count goes over 1000 yearly? The context of "percent of the whole" is germane.

Secondly, what errors are we talking about? Making a typo to get a wrong set of data and then discarding and redoing it (as might be one such scenario) is hardly the same as murdering 1000 people or even 1.

So, "few" makes sense under context, and few in this case also is not nearly as serious (from what I have read) as a murder or anything like that.

My mistakes may lead to a fender bender or a quaint miscommunication at best, at worst a lost friend or an unfortunate accident. The NSA's mistakes lead to thousands of people's private data being stored and cataloged in a database used for tracking terror suspects (and, as has been revealed, tax evaders, drug traffickers, and *most likely* a host of other scrupulous peoples) AT BEST. And while we're on the subject of 'few', one of the NSA's 'few' mistakes led to the collection of 2,700 people's data, and I'm assuming a similar (or higher) number for the other ~3,000 'mistakes' they've made. Plus the fact that these 'mistakes' are just from the main branch in Maryland, leaving out the assuredly egregious 'mistakes' of the other hundreds of branches.

Well, we are not talking just about you. The law allows virtually everyone of a certain age to drive. Multiply by tens or hundreds of millions.

And without more information, just gathering data on 2700 is near meaningless (possibly as meaningless or more so than the "tree falling in the forest with no one there to observe it"). It's what happened with that data that needs to be looked at.

And I should have added, we aren't necessarily going to know about the abuses, absolute power corrupts absolutely, etc -- I think those points should be part of any discussion; however, in conducting this public trial of the NSA and other public characters, we should try to be clear about what is speculation and what is actual harm shown.

In the grand scheme of things 2,700 is near meaningless, but let's do some approximate math here. There were 2,776 incidents of abuse at the complex in Maryland last year. Assuming that each case exposed the information of 30 people (a pretty low estimate, considering some of these incidents affected upwards of 3,000 people) that would mean the private data of ~83,280 Americans was compromised at just the Maryland facility. Now, let's make an educated guess as you did that there are 100 NSA compounds across the nation. Assuming they had a similar rate of abuse, that would lead to ~8,328,000 Americans having their data sifted through illegally last year alone (again, with the calculations based on a low-ball estimate). Now that data may be innocuous and all of those incidents could be accidents but that still means ~8 million Americans had their personal communications illegally intercepted and perused last year, and the rate of incidence has been increasing every year, not to mention that the data was most likely not purged but kept on file.

Some of the variables above are guesswork but I think it still illustrates the problem well: these measures are affecting millions of Americans in ways we don't yet fully understand. And as you said, if it is being abused, we may never learn about it, but I'm not willing to take that chance.

I like math, so I will reply to that, but the main point is that a query result that gets deleted a minute later or a day later without any use being made of the data might leave an audit trail but be meaningless to the privacy of Americans. The important point is the totality of harm from those error queries and not their number.

As for the math, lots of queries are very repetitive in nature. That makes sense, but, as a check, we see that if not then we would have at least 8 million / .0001 = 80 billion Americans walking the planet. In other words, if an error is made once every 10,000 queries (assuming equal query size), then there would need to be at least 80 billion Americans for that ratio of bad queries to give 8 million (as you calculated) if there were no repeats in the query results.

That is true and I didn't consider it, I shouldn't have been so eager to apply unique peoples to those numbers. This does not negate the fact that they have violated the law at least ~8 million times and lied about it. As it stands, though, there isn't really a way to calculate what harm this has caused, so until further information comes out I'll leave these numbers alone.

Re: Re: Re: Perfection doesn't exist. So what is the alternative plan then?

>> If an action is being taken on such a vast scale that the margin of error guarantees that thousands will be violated, then perhaps that action shouldn't be taken at all.

Yes, you are so right here. We should make driving illegal. We'll forget about the other side of the ledger and the degree of harm caused.

>> the former ... the NSA pretends is of no importance.

The number of flaws themselves is not that important. The number has to be juxtaposed with the degree of harm.

As an analogy, if you make widgets and the cost to spot and recycle a broken widget is near 0, then you can afford many mistakes and should probably invest your money improving some other process. The degree of harm matters "always" since it's the product of harm*frequency (summed over all cases) that frequently really matters.

The number of flaws themselves is not that important. The number has to be juxtaposed with the degree of harm.

Well, we disagree in this case. The actions being taken by the NSA are burdensome and harmful even if there isn't a single case of outright abuse. They are also clearly unconstutional when viewing the clear intent of the Constitution, if not the Supreme Court's current opinion (which is unknown).

Since we are talking about a very questionable, at best, action being taken on a huge scale, every single case of demonstrable failure counts to a much greater degree than if we were talking about making widgets.

Re: Perfection doesn't exist. So what is the alternative plan then?

We know government is not perfect, that's besides the point. Even if it was operating correctly with appropriate digital provisions and no errors it is still hoovering virtually every connected person's data and storing it for queries with no reliable, independent oversight. And even if we did have independent oversight and limited the communications that could be monitored there is no guarantee this system could not be gamed in the future. The NSA has got a hold of Pandora's Box, and they may promise not to peek inside but we shouldn't even give them the chance.

Re: Re: Perfection doesn't exist. So what is the alternative plan then?

Don't forget we have a tradeoff. The stakes rise as technology accessible to everyone grows. There are legitimate discussions to be had on this issue and policy/law. I don't think the answers are clear-cut or absolute.

Also, the nature of technology and communication makes things messy. Having technical means to what is desired usually means you have technical means to much more.

Re: Re: Re: Perfection doesn't exist. So what is the alternative plan then?

There is a trade-off, but the decision to trade was made in haste while the country was dazed. And now that citizens are coming-to (and those who were too young to understand coming-of-age) they're realizing the awful deal they've made but government is furrowing it's brow, puffing it's chest, and declaring no-givsies-backsies. We're trying to debate and discuss this trade with them but they keep interrupting us: calling us names, conflating rhetoric with reality, and insinuating they know what's best for us and it's getting old. We'd like to have this discussion before the US tires of verbal charades and starts throwing punches.

Keep in mind that the same fear government leaders had of being major targets to terrorist activity has not changed too much. Put new people in office and at some point they will realize the stakes to their well-being. Gov reps are larger targets than most people. Can a "few" people's privacy possibly be violated (as they see in their minds)?

"Yes, of course, absolutely" is how many might eventually feel even if they don't verbalize that to constituents or even if they suggest they believe the opposite.

Re: Perfection doesn't exist. So what is the alternative plan then?

I am not shocked that a group of a great many people running many queries gets a few wrong.

Me neither, which is a strong argument for why they need to stop doing this stuff.

In any case, there is an independent and outside group that will look at this to find ways to get closer to zero mistakes

Right, sure there is. I'll believe it when I see it.

Anyway, if people simply think that going after "terrorist groups" with as much data as possible should not be done, then make that argument.

I do argue that. Going after "terrorist groups," or any form of lawbreaking, should absolutely not be done with "s much data as possible." It should be done with as much data as possible within the confines of what is allowed in the Constitution and by society.

The argument is simply that the government should not be collecting all the data on everybody without regard to whether or not they have any connection to terrorist groups.

Do people want a yearly listing of how many errors were found for the past year?

If they're going to keep doing this stuff, and there will continue to be zero effective oversight, then yes, that is one of the things that I would like to see.

Do people simply feel that if this was hidden from the public (as are many other things of any organization.. perhaps unfortunately) then a lot worse likely lies underneath?

This is clearly true, but is not the primary objection to these programs.

Abuses and mistakes make the program even worse, but the programs are in themselves abuse. Even if zero mistakes were ever made by analysts, I would be opposed in the extreme to this stuff.

Re: Re: Perfection doesn't exist. So what is the alternative plan then?

>> Me neither, which is a strong argument for why they need to stop [running many queries, etc].

Are you also in favor of prosecutors no longer indicting anyone or of "boys" no longer asking "girls" out on dates?

Besides the social consequences and psychological harm that is possible to the initiator, having success can also be horrible to the target in many cases since we know that innocent do go to prison and the chair and that significant other are abused and even murdered.

We can't risk trials and dating if we can't risk someone seeing something about someone they don't know and which was intended to be private.

[Has any further direct harm than this been revealed about the NSA mis-queries?]

>> Right, sure there is. I'll believe it when I see [that independent and outside group].

You can be skeptical and might even be correct in your suspicions, but I'll note that it is unlikely that if such a group came about and found some success that "evidence" would be convincing to anyone who significantly doubts in the first place. I say this also considering that the nature of the study means lots of secrets will be kept from the public.

>> It should be done with as much data as possible within the confines of what is allowed in the Constitution and by society.

Roughly that is what I intended. I know I didn't state that part that well and left it a bit open-ended.

>> The argument is simply that the government should not be collecting all the data on everybody without regard to whether or not they have any connection to terrorist groups.

I am not sure about the following. They are collecting near all data (like emails and phone conversations) or simply near all meta-data (on email/phone)?

Re: Re: Re: Perfection doesn't exist. So what is the alternative plan then?

Are you also in favor of prosecutors no longer indicting anyone or of "boys" no longer asking "girls" out on dates?

What? I don't understand your point here.

They are collecting near all data (like emails and phone conversations) or simply near all meta-data (on email/phone)?

That's a distinction without a difference, but let me answer it anyway: they are collecting everything, but not all under the same program. So they can say "this program only collects metadata" while still collecting the contents under a different program.

In any case, the difference is meaningless. If you collect and correlate everything, then collecting "just metadata" is very nearly as revealing of your personal information as collecting the contents. It is a roughly equivalent invasion of privacy because roughly the same information ends up getting revealed.

If [my colleagues] had realized how many [violations of privacy protection or legal rules] there were, I think more than seven of them would have switched.

So we have one of our legislators - you know, someone that is part of the body of government that is supposed to write laws and correct outdated or bad ones - telling us that the information they now have makes a huge difference in law they just passed.

Umm...SO ARE YOU GUYS GOING TO FIX THE LAWS OR SIT THERE LIKE A BUNCH OF IDIOTS TELLING US IT ISN'T YOUR FAULT?

Re:

More bullshit and spin

His statement is just another attempt at damage control when you consider that EVERY senator and congressman currently in office is either directly implicated in this fiasco - or asleep at the wheel when it happened - and utterly derelict in their sworn duty afterwards.

Coulda, shoulda, woulda...

That's a child's response to an adult's question.

Too bad none of this was a concern for these so-called representatives until it became glaringly obvious the people they were representing weren't about to let it continue any longer.

Save your hand-wringing gentlemen and ladies of the House and Senate. Just sit quietly until next election when we can finally vote your fucking asses right out of office.

Assuming, of course, you (and our ripe for impeachment President) allow the upcoming elections to take place.

Re: More bullshit and spin

I'm pretty sure that Senator Wyden was trying to warn people as best he could well before this all broke, and a number of Congressmen were flat out kept in the dark by information being withheld. So it certainly isn't "every" senator and congressman to blame. Nor were they all derelict in their sworn duty afterwards, or the Amash Amendment wouldn't have come so close to passing.

First is the total misdirection by the NSA to all their oversight groups about any of it. Distinct and purposefully lying to cover it up, so they wouldn't be caught at it.

Then you have the president claiming all sorts of oversight groups are included to make sure the NSA does the right things. Only to find out that's all lies too. No one gets to look over the NSA's shoulder.

This idea that this is a small percentage is another bit of misdirection. This is only for ONE NSA center out of bunches across the country of which no one has spoken for how many they add to the total accumulative amount.

Then there is the idea of this miniscule percentage of mistakes. When you look at what few figures come out, it breaks down to they are seeking roughly 7,000 queries a minute. Here's a news flash... We don't have 7,000 terrorists in the US.

All of this has been lies and misdirection. No one is being held accountable to end it and no one is fessing up to breaking the intent and purpose of the Constitution, The Bill of Rights, nor the willful violation of the Universal Declaration of Human Rights Treaty the US originally signed in 1948, in specific article 12 stating:

Article 12.

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

There are several other violations of these articles both the US and the UK are guilty of violating. Snowden's right to seek asylum in Russia is an action protected by Article 14, which is a separate issue from theft of classified documents.

Remember OWS? Yeah, that one is in there too, about everyone has the right to freedom of peaceful assembly and association.

Funny that being as it is inconvenient to pay attention to these currently supported themes our government now takes the stance it can ignore them, you know, sort of sweep it all under the rug.

It is coming down to the idea that maybe Obama knew and was lying. The speculation has been written about already. It could also have impeachment in the future should more be revealed and we have been assured there is lots more we haven't been told.

So no, I'm not willing to just say it's a few minor percentages of mistakes. Everyone to date has been lying their asses off and that does not inspire trust in the government but rather it leaves the impression of wondering what else is being hidden?

Re:

>> This idea that this is a small percentage is another bit of misdirection. This is only for ONE NSA center out of bunche

If 7000 queries per minute are national (I'm using your figure), then that's 3.6 billion queries per year.

Multiply say 3,000 faults by 100 offices (I'm guessing), and that leaves you at 1/100th of 1% of the queries are problematic. Ie, for every 10,000 queries, one goes astray.

That is where "few" comes from. You have human and computer program error to deal with. And we are just talking about a bad query, not a harmful action based on that query.

>> We don't have 7,000 terrorists in the US.

This reminds me of what Mike mentioned in that if you have enough queries then a small percentage can still result in serious damage.

It does perhaps suggest that there are wider goals than just terrorism.

But you aren't matching apples to apples. A single traditional murder can result in many many queries when you add all the interrogations across many people. When you are trying to solve a crime, most queries will lead to nothing. And with automated queries, you can afford to throw away many more queries for the cost and time. There is also the matter that the magnitude/nature of the crime asks greater effort be put forward, even if it lowers efficiency. Finally, the US is also concerned with terrorists in other countries and plots in other countries as these affect the US at least indirectly in various ways. OK

>> Then you have the president claiming all sorts of oversight groups are included to make sure the NSA does the right things. Only to find out that's all lies too.

It's hard to get "preventive" oversight. The idea is that sooner rather than later, but frequently after the fact, that problems will be caught. In engineering, this would be akin to the difference between error correction (ie, automatic correction, aka, prevention) vs error detection. Detection is very useful and much cheaper. Frequently it is good enough. Judges do admonish prosecutors in our society even though it may be after the fact and allow the accused to be released on mistrial. If someone is harmed, they usually have recourse to a lawsuit. Evidence is tossed out by judges. Appeals do succeed in many cases. Etc.

Also, there are failures in the oversight by the 3 branches of government, but oversight does exist in some capacity.

So it's one thing to say things can be better via X Y or Z, but to speak as if the system is worthless....

Did you have a specific "lie" Obama made?

>> No one gets to look over the NSA's shoulder.

There are policies established that bind them. There is some basic oversight by the other 3 branches. There are internal audits.

I think you should suggest a way to improve this weakness present in all secret intelligence gathering.

>> First is the total misdirection by the NSA to all their oversight groups about any of it. Distinct and purposefully lying to cover it up, so they wouldn't be caught at it.

Congress can change the law to require numbers; however, as mentioned above, 1/100th of 1% is something many would consider can be left off the "executive summary". I do agree the query numbers can be inflated in order to hide "flaws" but Congress should be more demanding rather than expect the NSA to police itself perfectly.

I suspect many gov representatives (and citizens) are willing to give the intelligence community rope because they know their own personal security is at stake. Gov leaders are major targets of terrorists. You and I must be very unlucky to become a target but certainly can be as well.

There is infrastructure that is imperfect and many major systems that are vulnerable in various ways. Many will prefer some breech in privacy to having mass losses of life on a semi-frequent basis or to deal with the obscene amount of money to "fix" all weaknesses.

Re:

govermt shutdown

I am a disabled vet. I will be willing to stand the test of time no matter how long it takesto force obama and his puppet senate to concede to the will of the people. Hold the line and be strong I am behind you and the magority of the people in your district are with you. Stand up for whats right and why we put you in the position you are in.